Data protection policy

iNuba APP

In compliance with EU Regulation 2016/679 General Data Protection Regulation (hereinafter, “GDPR”) and Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter “LOPDGDD”), the user (hereinafter, “User”) is hereby informed of the manner in which their personal data will be processed through the iNuba App (hereinafter, “App”).

1. DATA CONTROLLER

• Owner: 3DHealthAI, SL (hereinafter, “ iNuba ”)
• Registered office: Polígono Industrial Los Vientos, Calle Levante,1, 46119 Náquera, Valencia
• CIF: B-40644445
• DPO : dataprotection@inuba.com

2. CATEGORIES OF DATA COLLECTED, PURPOSES OF PROCESSING AND LEGAL BASIS

2.1 User registration

The user must complete the registration form, as well as general questions to find out about his or her lifestyle. Specifically, the following types of personal data will be collected:

• Identification data: name and surname.
• Contact details: email address.
• Personal characteristics data collected through general questionnaires: among others, ethnic origin, objective, lifestyle, type of activity, frequency of activity.

The personal data requested at the time of user registration are strictly necessary to be able to know the physical and circumstantial characteristics of the interested party. If said data is not provided, the user will not be able to use the services offered by the App.

In addition, For the correct operation of the App and optimal provision of services, the User must provide special category data in accordance with the provisions of the GDPR, including health data. Consequently, the App will request the User’s authorization for the processing of such personal data.

If the User does not authorize the processing of health data, he/she will not be able to use the services of the App.

At the time of registration of the App, and after obtaining the corresponding permissions, the App may access personal data of the Users included in the public profiles of Facebook or Google. Specifically, identification data, if applicable, name and surname, photo URL and nickname, and additionally, email. Although iNuba has access to said data, it will only process the data relating to the email address.

The processing of the user’s personal data in this first phase of user registration will be carried out based on the execution of the contractual relationship and, where applicable, on the user’s consent for the purposes for which it is collected.

2.2. Use of the App

In order to benefit from the services offered by the App, iNuba processes the following categories of personal data of users: identification, personal characteristics, as well as health data (diseases, intolerances, allergies, muscle mass, BMI, physiognomy, among others), location data, contacts, email and authentication credentials.

Likewise, if the user of the App has undergone the iNuba Box scanner, or the 3D avatar generation service with a mobile device, the data obtained through said scanner, or from the use of the mobile device, will be synchronized with the App, which will consequently additionally process, among others, the following data: % of muscle mass, % of fat mass, % intracellular water, etc., the image processing to make the 3D reconstruction of the user, as well as the perimeters calculated from the 3D reconstruction (neck, chest, waist, upper thigh, lower thigh, etc.). If the user has not undergone said scanner, or the 3D avatar generation service with a mobile device, the user can voluntarily enter perimeters of certain parts of his or her body. In the case of the 3D avatar generated with a mobile device, the avatar with the user’s body silhouette is generated directly by the system’s artificial intelligence, without the iNuba technical team having to access the images of the video recorded by the user. The technical team will only access the video images in the event that the 3D avatar is not generated correctly, in order to verify whether or not the user has correctly followed the instructions in the tutorial. The user expressly authorizes the iNuba technical team to access the images from the recorded video for this purpose.

Likewise, iNuba may ask the user to provide additional data such as, among others; lifestyle (sedentary, active, very active), chronic diseases (diabetes, hypertension, etc.), intolerances (gluten, nuts, etc.), daily sports activity (training frequency). This data will be used to better adapt nutrition and training plans to the needs of each user.

The personal data mentioned above will be processed in general for the following purposes:

• Design personalized training, nutrition and mind plans adapted to the user according to the parameters previously described and recorded in the App.
• Conducting analysis of behavioral patterns and lifestyle/habits.

• Implementation of personalized marketing campaigns.
• Connection to the iNuba Clinic Software in the event that the user explicitly consents so that a health professional who has contracted the Software can view all the data generated by the user in the iNuba App, iNubaBox and/or iNuba Totem.
• Connection to the iNuba Wellbeing Software in the event that the user explicitly connects to the service so that their company can implement health improvements in the company thanks to the use of anonymous and aggregated health information.

The use of the App may involve access and interconnection with information from other applications with the User’s prior consent, such as Apple Health , Google Fit . The categories of data that we may access, with your prior authorization, will be the following: physical characteristics (height, weight, etc.), sports activities and physical exercise performed (steps, distances, etc.), health data (Kcal, stress, sleep habits, heart rate, pulse, blood pressure, bone mass and muscle and lean mass data, menstrual cycle, and nutritional data, etc.), as well as environmental data.

In the mobile 3D service, to create a 3D avatar we can process data from a full-body video of the user in order to obtain metrics and offer a health report in the iNuba App. We will access the images in case the avatar is not generated correctly due to some type of technical failure or because the instructions in the tutorial were not followed properly. We will need to access the recording to review what may have happened, learn from common errors and provide the user with a second avatar.

Likewise, after obtaining the corresponding permissions, iNuba App may access the location data, access to the camera and gallery of the User’s device while the User is using the App. The User may modify their preferences through the settings of their device.

The legitimate basis for the processing of user data when using the App is the execution of the contractual relationship and, where applicable, consent for the purposes for which it is collected.

Annex 0 details the data that iNuba collects from the user to provide the service.

1. Payment for the service through the App or Web

iNuba provides both free and paid services, which are clearly identified in the App itself. In the case of paid services, the price includes VAT.

In order to enable payment for the services provided in the App, iNuba will process the data relating to the bank card in order to manage payment for the subscription to the App.

The processing of personal data relating to bank card data is carried out on the basis of the execution of the contractual relationship.

1. Profiling for sending personalized commercial communications

iNuba will carry out processing consisting of user profiling for the purpose of sending personalized electronic commercial communications.

No automated decisions will be made based on these profiles.

User profiling will be carried out taking into consideration criteria such as demographic and health data of the User, objectives, needs, actions carried out in the App.

iNuba informs that the User may at any time exercise their rights of access, rectification, deletion of their data (including personal data for the creation of a profile, as well as the profile itself, the right to limit processing (applying to any phase of processing related to profiling), as well as revoke their consent by unsubscribing from such personalized electronic commercial communications by following the instructions found at the bottom of each of them.

The legitimate basis for carrying out this treatment is the consent of the User.

1. Performing statistical analysis

iNuba will perform statistical analysis using data categories such as users’ most common diseases, health goals, preferences, lifestyles/habits, in order to create user profiles.

This processing will be carried out based on iNuba’s legitimate interest in detecting new opportunities to increase customer volume, guide commercial strategies, as well as understanding customer behavior patterns in order to create more personalized and attractive communication.

Likewise, the data used for statistical analysis will be used anonymously.

At any time, the user may object to the processing of his/her data for the purposes of compiling statistics by sending his/her request to the email address available in the “Rights” section of this data protection policy.

3. DATA RETENTION

Personal data will be kept for the time necessary to fulfill the purpose for which it was collected, during the maintenance of the contractual relationship, as well as for the period necessary to determine possible responsibilities that may arise from the purposes.

However, regarding the processing of images, they are made to reconstruct the user in 3D, so, once this is completed, these images are deleted and not kept by iNuba .

Uninstalling the App does not entail the deletion of the user’s data, so if the User wishes to delete his or her personal data, he or she must exercise the right to delete it in accordance with the instructions described in section 7 of this data protection policy. Likewise, if the user deletes his or her account, iNuba will automatically block the user’s data for the period necessary to address possible legal liabilities. Once this period has expired, iNuba will permanently delete the user’s personal data.

4. RECIPIENTS

Personal data may be communicated in order to comply with a legal obligation and/or in response to a legal, judicial or administrative request, for example, to state security forces and bodies, to the Courts and Tribunals or to the Spanish Data Protection Agency.

Likewise, iNuba, in some cases, may provide services to third-party companies and therefore to its clients, sharing the personal data of said clients obtained through iNubaBox and iNuba App.

5. INTERNATIONAL DATA TRANSFERS

iNuba informs you that it hires third parties who, in order to provide certain services, such as those relating to the computation of algorithms, telemedicine, calculations of user metrics, in their capacity as data processors, may have access to your personal data. These third parties may be located outside the European Economic Area, specifically in the USA, which currently does not have an adequate level of protection according to the European Commission.

Without prejudice to the foregoing, both access to personal data and the international transfer itself are regulated by the signing of the corresponding standard contractual clauses adopted by the European Commission, as well as through the assignment agreement, in accordance with the regulations on data protection, to which you may have access upon request.

6. PRIVACY NOTICE FOR MINORS

The App may only be used by persons aged 14 or over in the case of Spain, by persons aged 13 or over in the case of the United Kingdom, and by persons aged 16 or over in the rest of the world, in accordance with the provisions of current legislation. If a user is under this age, he/she declares that one of his/her parents or legal guardians has reviewed and accepted these conditions of use.

7. RIGHTS

At any time, the user may exercise their rights of access, rectification, deletion, opposition, limitation and portability of their data, by sending their request to the following email address dataprotection@inuba.com , under the subject line: “Data Protection”.

Likewise, the User may revoke his/her consent to receive personalized electronic commercial communications in accordance with the provisions of section 2.4 of this data protection policy, by unsubscribing, following the instructions found in the footer of each electronic commercial communication.

8. CLAIM

Users are hereby informed that if they consider that their rights have not been exercised, they may contact the iNuba data protection officer at the email address dataprotection@inuba.com and, where appropriate, file a complaint by contacting the DPO at the same email address and, where appropriate, the Spanish Data Protection Agency. More information at www.aepd.es .

9. PRIVACY TERMS OF OTHER SERVICES OFFERED BY iNUBA

• iNuba Wellbeing

3DHealth, SL, (iNuba) has services aimed at corporations, the provision of which involves the treatment of users, such as employees. Specifically, the iNuba Wellbeing service.

In accordance with current data protection regulations, the data controller for data processing carried out for the purpose of the service will in any case be the corporation that hires the services. In this regard, iNuba will act as the data processor, and may process the data on behalf of and under the instructions of the corporation, pursuant to the corresponding data processing contract signed between the parties.

Without prejudice to the foregoing, the purposes and categories of data that iNuba may process as data processor for the provision of the service on behalf of the corporation are detailed below for each service:

iNuba will process, on behalf of the company that contracts the iNuba Wellbeing service, the personal data of employees (hereinafter, “Wellbeing Clients”) who register or access the App due to their employment relationship with the company.

In order to provide the iNuba Wellbeing service, iNuba may access personal data relating to the name, surname, NIF, corporate email, country, city, headquarters, and department of the Wellbeing Client in order to correctly manage the user’s registration in the iNuba Wellbeing software on behalf of the employer.

Likewise, iNuba will process on behalf of the employer the personal data of Wellbeing Clients managed in the iNuba App in order to carry out an analysis of the wellbeing of employees whose health data is processed, as well as factors such as motivation, stress level, rest, productivity.

iNuba App will make the data available to the employer in an aggregated and anonymous form, as well as resolve any incident related to the iNuba Wellbeing software.

• iNuba Clinic

3DHealth, SL, (iNuba) has services aimed at companies or health professionals, the provision of which involves the processing of user health data. Specifically, the iNuba Clinic, iNubaBox, iNuba Totem and iNuba App services.

In accordance with current data protection regulations, the data controller for data processing carried out for the purpose of the service will in any case be the company or professional who hires the services. In this regard, iNuba will act as the data processor, and may process the data on behalf of and under the instructions of the corporation, pursuant to the corresponding data processing contract signed between the parties.

Without prejudice to the foregoing, the purposes and categories of data that iNuba may process as data processor for the provision of the service on behalf of the corporation are detailed below for each service:

On behalf of the company or professional that contracts the iNuba Clinic service, iNuba will process the personal data of the clients-users linked to the service (hereinafter, “Clinic Clients”) who register or access the App due to their relationship with the company or professional.

In order to provide the iNuba Clinic service, iNuba may access personal data relating to name, surname, age, sex, race, etc., in short, any data necessary for the generation of plans, calculation of metrics, of an administrative nature, etc., in order to correctly manage the user’s registration in the iNuba Clinic software on behalf of the company or professional.

Likewise, iNuba will process on behalf of the company or professional the health data of the Clinic Clients managed in the iNuba App in order to monitor the health, lifestyle habits, physical activity, etc. of the Clinic Clients whose health data is being processed, in short, all the variables reflected in Annex 0.

iNuba App will make the individual data of the Clinic Client available to the company or professional for the correct provision of the service by the latter, always with the explicit knowledge and consent of the Clinic Client.

• iNubaBox and iNuba Totem

In the event that a corporation rents or acquires iNubaBox or iNuba Toem , the corporation will act as the controller of the personal data generated and stored by the cabin, such as the percentage of muscle mass, fat mass, intracellular water, etc., as well as the avatar or image generated by the iNuba devices.

iNuba may only process personal data relating to the image or avatar of users, in the event that the 3D image or avatar has not been generated correctly, as well as the test results and any information necessary for the best customer service when errors are detected in the system, failures in the measurement process or customers report an incident.

Finally, as with the service relating to iNuba Wellbeing, iNuba will sign the corresponding data processing contract in accordance with the provisions of data protection regulations.

ANNEX 0

PERSONAL DATA THAT INUBA COLLECTS FROM THE USER

1.- Personal:

Name

Surnames

E-mail

DNI

Sex

Ethnic origin

Birthdate

Lifestyle

Number of days of physical activity

Intensity of physical activity

Device ID

Device operating system

Local time

Country

Diseases

Purpose of using the app

Photo

2.- Nutrition:

Type of diet

Allergies / Intolerances

Dislikes

Number of meals

Variety of dishes

3.- Fitness:

Fitness experience

Preferred training duration

Training place

Equipment

Dolores

Muscles to strengthen

4.-Mind:

Objective of the mind program

Experience in meditation

5.-Body composition:

Height

Weight

Basal metabolic rate

% Body fat

% Lean mass

% Muscle mass

% Android mass

% Gynoid mass

Visceral adipose tissue area

Extracellular water

Intracellular water

Total body water

Total bone mass

% Bone mass

Total body fat

Total lean mass

Total muscle mass

Total android mass

Total gynoid mass

Total visceral fat

Resistance to different frequencies

Reactance at different frequencies

6.- Perimeters:

Neck

Chest

Hip

Waist

Left middle arm

Middle right arm

Left forearm

Right forearm

Left leg

Right leg

Left middle thigh

Right middle thigh

Upper left thigh

Upper right thigh

7.- Temperatures:

Face

Right Trapezius

Neck

Left Trapezius

Right Shoulder

Right Pectoral

Left Pectoral

Left Shoulder

Right arm

Right Oblique

Abdomen

Left Oblique

Left Arm

Right elbow fossa

Left elbow fossa

Right External Forearm

Right Inner Forearm

Left Inner Forearm

Left External Forearm

Right Wrist

Left Doll

Right Hand

Left Hand

Quadriceps (Vastus Lateralis) Right

Quadriceps (Rectus Femoris) Right

Quadriceps (Vastus Medialis) Right

Right adductors

Adductors Left

Quadriceps (Rectus Anterior) Left

Quadriceps (Vastus Medialis) Left

Quadriceps (Vastus Lateralis) Left

Right Knee

Left Knee

Right Tibialis Anterior

Right Internal Gastrocnemius

Left Internal Gastrocnemius

Left Tibialis Anterior

Right Ankle

Left Ankle

Right Foot

Left Foot

Head

Neck

Left Upper Trapezius

Right Upper Trapezius

Left Shoulder

Left Lower Trapezius

Right Lower Trapezius

Right Shoulder

Left Arm

Left Latissimus Dorsi

Right Latissimus Dorsi

Right arm

Left Elbow

Lumbar

Right Elbow

Left External Forearm

Left Inner Forearm

Right Inner Forearm

Right External Forearm

Left Gluteus

Right Gluteus

Left Doll

Right Wrist

Left Hand

Right Hand

Left External Hamstrings

Left Internal Hamstrings

Right Internal Hamstrings

Right External Hamstrings

Left Popliteal Fossa

Right Popliteal Fossa

Left External Twin

Left Internal Twin

Right Internal Twin

Right External Twin

Left Achilles Tendon

Right Achilles Tendon

Right anterior forearm

Left anterior forearm

Right quadriceps

Left quadriceps

Right leg

Left leg

Left posterior forearm

Right posterior forearm

Right hamstring

Left hamstring

Left calf

Right twin

8.- Indexes:

BMI

iNuba Index

Waist/hip ratio

Gynoid/android ratio

Waist circumference

Waist/height ratio

Conicity index

Abdominal volume index

% Visceral fat

Body Shape Index

Body roundness index

Neck contour

Body adiposity index

Extracellular water/total body water ratio

Fat-free mass index

Total body water/fat free mass ratio

9.- Segmental:

% Fat left arm

Right arm fat

% Fat left leg

Right leg fat

Left arm muscle

Right arm muscle

% Left leg muscle

Right leg muscle

% Trunk fat

% Trunk muscle

Fat left arm

Right arm fat

Fat left leg

Fat right leg

Left arm muscle

Right arm muscle

Left leg muscle

Right leg muscle

Fat trunk

Trunk muscle

10.- Water:

% Extracellular water

% Intracellular water

% Total body water

11.- Daily log:

Hours of sleep

Hydration

Number of steps

Mood

Subjective stress level

Energy level

Appetite

11.- Devices:

Number of steps

Distance traveled

Hours of sleep

Sleep quality

Heart rate

Resting heart rate (RHR)

Blood oxygen saturation (SpO2)

Blood pressure

Blood glucose level

ECG

Body temperature

Heart Rate Variability (HRV)

12.- Others:

Calories consumed

Calories burned

Macronutrient distribution

Data reported in questionnaires

Telemedicine Usage Data

ANNEX 1

DATA PROTECTION OF TELEMEDICINE SERVICES PROVIDED BY mediQuo

MEDIPREMIUM SERVICIOS MÉDICOS, SL., hereinafter mediQuo , expresses its commitment to comply with the legislation in force at all times regarding data protection, specifically with the General Data Protection Regulation EU20 16/679 (hereinafter, RGPD) and Organic Law 3/2018 of December 5 on Data Protection and Guarantee of Digital Rights (hereinafter, LOPDGDD), maintaining, in accordance with the provisions of article 31 of the aforementioned Law, a record of the processing activities carried out under its responsibility, as well as all data protection obligations conferred upon it.

Below you will find all the necessary information about the personal data we collect, how we process it and your rights.

Basic Information

I. Who processes my personal data?

The data controller is MEDIPREMIUM SERVICIOS MÉDICOS, SL, with NIF B64049604. Our headquarters are located at Calle Milanesat 25-27, 5th Floor, Barcelona. You can contact us by email at dpo@mediquo.com .

Mediquo acts as Data Controller, since it deals on its own behalf with the interested parties or natural persons who own the personal data for the purpose of offering telemedicine services.

Furthermore, if you have any questions, queries or wish to exercise any of the rights granted to data subjects by data protection regulations, you may contact our Data Protection Officer (DPD) by email at dpo@mediquo.com .

II. What legitimacy does mediQuo have for processing data?

The legal basis for the processing of data provided directly by the user is the contractual relationship of services between the user and the service offered by mediQuo . However, as regards the legitimacy for the processing of personal health data, the basis of legitimacy will be both the legal obligation protected by Law 41/2002, of November 14, basic regulation of patient autonomy and rights and obligations regarding information and clinical documentation, as well as express consent.

Express consent will be the legitimate basis for processing for statistical purposes in order to analyse the behaviour and trends of Users, as well as to send communications via email and/or send SMS to the user about the operation of the service.

Furthermore, the processing of personal data based on legitimate interest allows the company to record calls for quality reasons, and allows for the continuous analysis and improvement of the services offered, thus ensuring an optimal experience for users. This approach also allows the company to maintain the security and integrity of the platform, as well as prevent fraudulent or malicious activities.

III. What information does mediQuo collect ?

a) Information provided directly by the User:

MediQuo collects and stores certain information that the User provides and shares:

• Data collected during registration: The information that the user provides to become a member of mediQuo . These include identifying data, such as email, and personal data: name and surname, date of birth, sex.
• Medical history data: This data cannot be entered directly by the user. The professional will complete this section, provided that the user provides the corresponding data. This data is sensitive because it is related to health and will include the following: weight, age, allergies, treatments and/or illnesses.
• Chat data: mediQuo records all chats between a user and a healthcare professional so that they can be consulted at a later time by another duly authorized professional.
• Recording of video calls with the patient: At mediQuo , we may record video calls between a user and a healthcare professional in order to keep a detailed record of the consultation. These recordings are stored securely and confidentially and are used solely for the purpose of ensuring the quality of service, improving and developing patient care, staff information and for future consultation by other duly authorized healthcare professionals. Video call recordings are handled in accordance with our privacy policy and are kept for the time necessary to fulfill the purposes mentioned above.
• Additional information shared by the user via chat: Information that the mediQuo user wants to share that may be identifying. This includes medical history, images, videos, files, medical records, x-rays or any other information related to their health.
• Data relating to the health of a minor: the user may only share data of minors under his or her parental authority or when the minor is over 14 years of age and has the express consent of the minor.

b) Information that Users provide us indirectly:

• Application and device data: mediQuo stores data on the connection device that the User uses to access the services.
• These are: Internet IP address that the User uses to connect to the Internet with his/her computer or mobile, information about his/her computer or mobile, such as his/her Internet connection, browser type, version and operating system, and type of device, the full clickstream of Uniform Resource Locators (URL), including date and time, the User’s “cookie” number, browsing history and User preferences.
• Data derived from the User’s origin: if the User reaches the mediQuo Website through an external source (such as a link from another website or a social network), mediQuo collects data from the source from which the MediQuo User comes .

IV. For what purpose is the data collected?

mediQuo uses personal data for the following purposes:

1. The various doctors and specialists who provide the service offered by mediQuo through its Web portal or App may access the Information that the user has shared with any of said doctors for the sole purpose of any of them being able to provide the service. The user may also save basic medical data within their profile, and these will be automatically shared with the doctors. The doctors may also modify this data in order to correct and complete the information, whenever necessary. The legal basis for the processing of this personal data is consent and legal obligation. In turn, the legal basis for this processing will also be the execution of the service for which mediQuo is contracted.
2. mediQuo also uses the information to research and analyze how to optimize its services and to develop and improve the features of the service it offers. The legal basis for processing this data is legitimate interest.
3. mediQuo may also use user information for the purpose of detecting and investigating fraud, illegal activities and potential violations of our “Terms of Use”. The legal basis for processing this data is legitimate interest.
4. Internally, mediQuo uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the mediQuo App and Website in order to manage and improve the services offered. The legal basis for processing this data is legitimate interest.
5. The purpose of recording video consultations with patients is to carry out an internal medical audit to ensure the quality of the service provided. In addition, in the event of a dispute between the patient and the doctor who treated him, these recordings serve as evidence to resolve the dispute.
6. Likewise, mediQuo may use the personal data provided by the User to carry out communications via telephone call, email, push messages , pop-up messages and/or send SMS to the User about the operation of the service and/or to carry out satisfaction surveys about it. The legal basis for the processing of this personal data is consent. Mediquo undertakes to obtain the express and verifiable consent of the User for the processing of their personal data.
7. Furthermore, mediQuo may make phone calls and send Users push , pop-up and/or SMS messages via email, with service improvements and news regarding the service it offers. The legal basis for the processing of this personal data is consent. Mediquo undertakes to obtain the express and verifiable consent of the User for the processing of their personal data.
8. mediQuo undertakes not to collect unnecessary information about its clients or users, to treat with diligence the personal information that may be provided and to comply at any stage of data processing with the obligation to maintain due confidentiality.
9. mediQuo User data is stored on servers located in Europe. mediQuo declares that these servers comply with the applicable legislation on Data Protection and with the commitments set out in this Data Privacy Policy.

V. How long will we retain your data?

Your personal data will be processed for the period necessary to fulfill the purposes set forth in this Privacy Policy, as well as to retain your personal information in compliance with the provisions of the relevant laws and regulations, especially in relation to legal limitation periods, and for the formulation, exercise or defense of claims.

The criteria we follow for this are determined by the purpose of the data collected and the fulfillment of that purpose (e.g., if you have given consent, you can revoke it at any time) and the storage periods required by contractual and regulatory requirements.

Please note that, in some cases, we may retain your data for the period necessary to formulate, exercise or defend claims, requirements, responsibilities and legal and/or contractual obligations, always being duly blocked.

In the event that the user revokes consent for the processing of their data or requests the cancellation of the same (and provided that they have this right in accordance with the regulations), mediQuo will proceed to block them and will only retain them for the periods required by current regulations.

VI. Does mediQuo share the information it collects?

mediQuo will only share your personal data with third parties where it is necessary to provide our services to you, when you have requested something from us that we must respond to, or when we are legally required to do so. Generally speaking, information will only be shared when it is strictly necessary. necessary for the purpose in question, complying with all legal obligations and guarantees for this, so mediQuo may share information with:

• Companies of the Medipremium Medical Services SL group
• Those tools that mediQuo has hired to help it in the provision of services: Amazon Web Services , Vonage and Pixelxen .
• Insurance Companies that are necessary for the service.

In addition, in some cases, the law may require that personal data be disclosed to public bodies or other parties, only what is strictly necessary to comply with such legal obligations will be disclosed.

VII. Access to Medical History and Historical Chats by the Professional User

The user expressly accepts that by starting a chat with a professional user, the latter may have access to the Medical History and the historical chats generated between the user and professional users so that the professional users can consult them, in order to guarantee the correct provision of the medical service.

When a user consults a medical professional for the first time, he or she will be required to confirm authorization beforehand so that the professional can access the medical history in order to provide the service correctly.

VIII. What rights do users have?

mediQuo gives the user access to a large amount of information about his/her account and operations in the WEB Widget so that he/she can view, and in certain cases, update said information.

Every user will be able to access their profile and complete and/or edit it as they see fit.

The information and data provided by the user will be available at all times in his or her user account and may be modified by him or her through the edit profile option.

The User has over Mediquo and may, therefore, exercise the following rights recognized in the GDPR against the Data Controller:

1. Right of access: This is the User’s right to obtain confirmation of whether or not Mediquo is processing their personal data and, if so, to obtain information about their specific personal data and the processing that Mediquo has carried out or is carrying out, as well as, among others, the information available on the origin of said data and the recipients of the communications made or planned for them.
2. Right to rectification: This is the User’s right to have their personal data modified if it is found to be inaccurate or, taking into account the purposes of the processing, incomplete.
3. Right to erasure (“the right to be forgotten”): This is the right of the User, unless otherwise provided by current legislation, to obtain the deletion of his/her personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his/her consent to the processing and there is no other legal basis for this; the User objects to the processing and there is no other legitimate reason to continue with it; the personal data have been processed unlawfully; the personal data must be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the technology available and the cost of its implementation, must adopt reasonable measures to inform those responsible for processing the personal data of the interested party’s request to delete any links to said personal data. Likewise, it is reported that the Patient Autonomy Law and Royal Decree 1093/2010, of September 3, which approves the minimum set of data for clinical reports in the National Health System, requires mediQuo to retain the data for certain periods that may vary depending on the time of clinical documentation.
4. Right to restriction of processing: This is the User’s right to limit the processing of his or her personal data. The User has the right to obtain restriction of processing when he or she contests the accuracy of his or her personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User has objected to the processing.
5. Right to data portability: In the event that the processing is carried out by automated means, the User shall have the right to receive from the Data Controller his/her personal data in a structured, commonly used and machine-readable format, and to transmit them to another data controller. Whenever technically possible, the Data Controller will directly transmit the data to that other controller.
6. Right to object: This is the User’s right to prevent the processing of their personal data or to stop the processing of their personal data by Mediquo .
7. Right not to be subject to a decision based solely on automated processing, including profiling: This is the User’s right not to be subject to an individualised decision based solely on the automated processing of his or her personal data, including profiling, unless otherwise provided by current legislation.
8. Right to revoke consent: The User will have the right to withdraw his/her consent at any time.

Therefore, the User may exercise his/her rights by means of written communication addressed to the Data Controller with the reference ” RGPD.mediquo “, specifying:

1. Name, surname of the User and copy of the ID. In cases where representation is admitted, identification by the same means of the person representing the User will also be necessary, as well as the document accrediting the representation. The photocopy of the ID may be replaced by any other legally valid means that accredits the identity.
2. Request with the specific reasons for the request or information to which you wish to access.
3. Address for notifications.
4. Date and signature of the applicant.
5. Any document that supports the request you are making.

This application and any other attached documents may be sent to the following address and/or email:

• Postal address:
• C/ Milanesat nº25-27 5th floor
• 08017 Barcelona
• Email: dpo@mediquo.com

The exercise of these rights is completely free of charge. Once mediQuo receives the request, it will analyze it to ensure that all the necessary information has been provided for its processing , as well as the legitimacy and relevance of the request.

If it is not relevant or, due to the specific situation, the exercise of the requested right cannot be granted, the interested party will be notified so that they can file the corresponding claims.

The exercise of rights will always be carried out within the legally established time limits, unless technical problems whose resolution is beyond our reach prevent them from being carried out. In any case, the user will receive a notification in this regard.

IX. How do we protect user data?

mediQuo has adopted the necessary measures to maintain the required level of security, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, as far as possible and always according to the state of the art, its alteration, loss, processing or unauthorized access, and in any case, will apply the necessary technical and/or organizational measures to guarantee the correct processing of personal data.

The personal data provided will not be transferred to third parties without prior authorization from the owner thereof.

Likewise, mediQuo informs users that they have the right to exercise effective protection of the rights recognized herein before the Spanish Data Protection Agency, as the competent Control Authority in matters of Data Protection.

X. Data of minors

To use the mediQuo App , the user must be of legal age and not have any limitations on their ability to act.

However, mediQuo may store personal data of minors when these have been provided directly by their parents or the person holding parental authority over the minor. These data will be collected for the purpose and legitimacy mentioned in section IV and will enjoy the rights mentioned in section VIII.

Applicable jurisdiction

Spanish law will apply to the relations between mediQuo and users arising from the contracting of services, with the express submission of the parties to the jurisdiction of the courts of the user’s domicile.

Contact

If you need to contact us, you can write to us at the company address indicated in these Conditions, or send us an email to dpo@mediquo.com .

Last Updated: November 2024

---